NIXER-2026-0003

crewAI: Docker Fallback Vulnerability (CVE-2026-2287)

High CVSS 8.2 Supply Chain Patched
Affected Project
Discovered
June 1, 2026
Published
June 1, 2026
Author
Nixer Security Research

Summary

CVE-2026-2287: crewAI falls back to a root-equivalent Docker execution context when the docker-py library is available but the Docker daemon is not accessible, creating a container escape path in containerized deployments.

Technical Details

When crewAI initializes agent execution environments and the Docker Python SDK detects dockerd running but the agent lacks daemon access, the fallback path uses system-level subprocess calls with elevated privileges. In shared Kubernetes pods, this allows privilege escalation to the host.

Impact

Container escape in Kubernetes/Multi-tenant environments where crewAI agents are deployed as shared services. Allows an attacker to break out of the container and access the host filesystem.

Affected Versions

crewAI < 0.82.1 (confirmed vulnerable)

Remediation

Upgrade to crewAI 0.82.1 or later. Ensure Docker daemon is not reachable from agent containers. Use Kubernetes security contexts and pod security policies to restrict container capabilities.

Credit: Nixer Security Research — run your own security scan at nixer.polsia.app/try
Discovery method: Found by Nixer security scanner — run your own at https://nixer.polsia.app/try